Infineon Technologies is coordinating a joint research project between industry and academia to develop a holistic security concept for the internet of things (IoT). The project will look at identifying a novel intellectual property (IP) design and verification flow that will ensure trustworthiness, especially in security-critical electronic systems.

The project, “Design methods and hardware/software co-verification for the unique identifiability of electronic components”(VE-VIDES) involves twelve partners and is supported by the German Federal Ministry of Education and Research (BMBF), as part of its funding for “Trustworthy Electronics (ZEUS)”. The VE-VIDES goal is to systematically identify potential security gaps in the design phase and to use automatically generated, trustworthy mechanisms to protect electronic systems against attack. It focuses on assuring the trustworthiness of the system hardware and takes into account the direct interfaces to trustworthy software/firmware components.

The premise of the project is that it is necessary to plan for and secure the trustworthiness of a system and for all subcomponents during design at the architecture level. VE-VIDES is therefore researching trustworthy development and verification processes which give electronic systems verifiable and, whenever possible, quantifiable protection against attacks. The design methods, tool chains and test suites emerging from this alliance project will give a solid foundation to future development tools for trustworthy electronics and will thus contribute to the technical and technological sovereignty of Germany and Europe.

The essential attack scenarios for electronic systems are:

• Attacks via the internet (hacking) in which intentionally integrated backdoors and trojans or accidentally overlooked vulnerabilities are exploited in order to change the target system’s functionality or steal data stored within the system
• Electronic, optical or physical attacks on integrated circuits in order to steal intellectual property or illegally read out or modify data

The leading institution for cataloguing cyber-security vulnerabilities, CVE-MITRE, expects a potential 43 percent reduction in overall system vulnerability when vulnerabilities in trustworthiness are eliminated at the hardware level. System-level approaches, including access restrictions and redundancy, currently help protect against attacks and reduce security risks. VE-VIDES applies a holistic security concept here to improve the development processes for trustworthy electronics systems and their integration along global value chains. The concept employs an innovative IP design and verification flow to ensure the trustworthiness of security-critical electronics systems in particular.

VE-VIDES follows an application-oriented approach, bringing together companies from important industry sectors such as automotive and industry 4.0 with supplier, development and research partners.

Infineon’s Djones Lettnin, head of the alliance project, commented, “We rely on electronic systems in almost every aspect of our lives and our work. These systems make our lives easier, safer and greener. We need trustworthy electronics if we want to really be able to rely on them. In VE-VIDES our focus is on securing the trustworthiness of system hardware while taking the direct interfaces to trustworthy firmware and software components into account.”

The participating partners in VI-VIDES are:

• CARIAD SE 
• Fraunhofer Institute for Integrated Circuits IIS, engineering of adaptive systems EAS division
• Infineon Technologies AG
• IMMS Institut für Mikroelektronik- und Mechatronik-Systeme gemeinnützige GmbH 
• OFFIS e.V. – Institute for Information Technology, 
• OneSpin, a Siemens company, 
• Robert Bosch GmbH, 
• Siemens AG
• Synopsys GmbH
• Chemnitz University of Technology
• Ulm University
• X-FAB Global Services GmbH

---

Related Contents:

How to make processors trustworthy

Siemens IC verification adds Fractal Technologies and OneSpin Solutions

DevSecOps brings defense in depth to embedded security

Building security into an AI SoC using CPU features with extensions

Toolkit integration eases functional safety verification

IoT security hinges on effective device enrollment with public key infrastructure

Community-driven resource tracks hardware design security weaknesses